project idea: portable password safe

Werner Almesberger werner at
Sat Sep 7 06:48:17 EDT 2013

EdorFaus wrote:
> It could be improved by also supporting things like ssh private
> keys, but I assume that doing that would be far more complex than
> only supporting passwords, so it is best left for a later version.

Yes, I'd want to have a bit of spare resources for future
extensions. There's a lot of fun things you can do once the
basic infrastructure is in place.

> This made me think of another (fairly recent) RF standard I've been
> interested in, named DASH7

Oh, they opened is now. Nice. I'm not sure about 433 MHz, though.
Don't the antennas get awfully large ?

My idea is to simply reuse the atben/atusb work. The dongle would
be a more compact version of atusb (ideally small enough to allow
keeping it plugged into laptops and such even during transport),
along with a more modern MCU (the MKL24Z64VFM4 looks very nice.)

Note sure about power consumption. Both DASH7 and 802.15.4 at 2.4
GHz seem to be in the same ballpark. And range isn't a concern

> It only allows for sending keypresses (and releases), which is not
> quite the same thing, as that only tells you which key (or combo)
> was pressed, not what character was printed on that key.

Ah yes, good point. USB HID basically sticks to the virtues of
the good old IBM PC keyboard. It was a pain back then, so why
change it.

> This means that the device needs to know which keyboard layout is in
> use on the PC it is talking to, and the keyboard protocol doesn't
> give it that info.

Well, it sort of could. There's the bCountryCode field in the HID
descriptor that could indicate what kind of "localized hardware"
you have. Of course, using that would be uncool, so nobody seems

> The easiest way to do that would probably be to make a setting for it.

Yes, that seems to be the best choice. Forced QWERTY would also
be hugely unpopular with QWERTZ and AZERTY users.

> I assume the RF dongle would, again, appear as a keyboard to the host?
> Basically making the RF part just a replacement for the USB cable?

Yes. Besides that, it could offer additional protocols, e.g., any
extensions for the authentication function. And of course, one
could use it as a general-purpose 802.15.4 2.4 GHz radio.

> It needs to be reliable, though - this means that it must work when
> it's needed, and it needs to have a long battery life.

Since it would typically operate in a "almost always off" mode, I
think we may get away with a small battery, as long as it can
handle the peak load. There are basically the following concerns:

- capacity (assuming a load of about 50-100 mW),
- peak power output,
- voltage (typical, under load),
- size (volume and height),
- availability,
- safety, especially the risk of acid leaks.

Battery		Capac.	Power	Voltage	Volume	Height	Avail.	Safety
		(Wh)	(W)	(Vtyp)	(cm^3)	(mm)
---------------	-------	-------	-------	-------	-------	-------	------
AA     [1]	~2.5	~1	~1.2	8.1	14.5	perfect	poor
AAA    [2]	~1.0	~1	~1.2	3.8	10.5	good	poor
CR2032 [3]	~0.3	~0.1 ?	~2.8	1.0	 3.2	averag.	good


Cost per Wh, if you shop in bulk (1000 units) at Digi-Key, would be
about 8 US-cents for AA, 20 for AAA, and 55 for CR2032.
CR2032 has the advantage that Vtyp is above the minimum supply
voltage of most MCUs, so no boost converter is needed in standby.

> Even if it's a common battery type and they're easily replaceable,
> noone wants to swap out batteries often, and especially not in
> something like this.

Assuming about 5 minutes of use per day, at an average of 70 mW,
CR2032 should last about two months, AAA half a year, and AA more
than a year.

- Werner

More information about the discussion mailing list